1. Field of the Invention
The present invention generally relates to protecting confidentiality of a file distributed and stored at a plurality of storage service providers. In particular, it concerns cloud storage. Cloud storage is a model of networked online storage where data is stored in virtualized pools of storage which are generally hosted by third parties. Hosting companies operate large data centers, and people who require their data to be hosted buy or lease storage capacity from them. The data centre operators, in the background, virtualize the resources according to the requirements of the customer and expose them as storage pools, which the customers can themselves use to store files or data objects. Physically, the resource may span across multiple servers.
If no precaution is taken, all the stored data can be accessed by the cloud operator who can potentially use it with a malicious intent (e.g. reselling the information to the client's competitors). Furthermore, even if the cloud operator is honest, the confidentiality of stored data can be compromised by attackers who have greater interest in attacking data centers which aggregate data of several companies and users rather than attacking a single enterprise network. Therefore there is a need to protect the confidentiality of data at a storage service provider.
2. Description of the Prior Art
One known solution consists in encrypting the data before outsourcing its storage. The drawback of this solution is that it is resource consuming (encryption for storage and decryption for retrieval). Additionally, it requires a key management process to keep track of the keys used to encrypt each data packet. It further requires the keys to be stored securely, because a leaked key gives full access to the data.
Another known solution consists in segmenting data into several chunks and storing the chunks respectively at different storage service providers so that none of them has access to the full data. This solution has the drawback that each storage service provider has access to the chunk that it stores, so it can still derive some confidential information from it. A countermeasure is to further encrypt each chunk, with the drawback of the previous solution.
Another known solution is described in the article of PAULO F OLIVERA ET AL: “Trusted Storage over Untrusted Networks”, GLOBECOM 2010, 2010 IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, IEEE, PISCATAWAY, N.J., USA, 6 Dec. 2010. It comprises the steps of:
- choosing a security parameter $n$, and segmenting the file in $n$ chunks $S_1, \ldots, S_n$;
- randomly choosing $n$ coefficients $a_j$, with $j = 1, \ldots, n$, all $a_j$ being different from each other;
- then generating $n^2$ coefficients $a_{ij}$ for $i = 1, \ldots, n$ and $j = 1, \ldots, n$, by generating a Vandermonde matrix $(a_j^{i-1})$;
- computing $n$ linear combinations $C_i = a_{i1} \cdot S_1 + \ldots + a_{ij} \cdot S_j + \ldots + a_{in} \cdot S_n$ for $i = 1, \ldots, n$;
- choosing two different storage service providers and storing a portion of the linear combinations at the first storage service provider and the other linear combinations at the second storage service provider.
The randomly chosen $n$ coefficients $a_j$, with $j = 1, \ldots, n$, are different and independent from each other; but most of the $n^2$ coefficients $a_{ij}$ are not independent from each other because they are obtained by generating a Vandermonde matrix $(a_j^{i-1})$.
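The prior-art steps above can be followed end to end in a short sketch, given here as an added example that is not code from the cited article or from the patent. It assumes arithmetic in the prime field GF(257), zero padding of the last chunk, an even split of the combinations between the two providers, and hypothetical function names; its last check shows that the second row of the matrix is the list of $a_j$ itself and fixes all $n^2$ coefficients.

```python
import random

P = 257  # assumption: arithmetic in the prime field GF(257), which holds any byte value

def split_chunks(data, n):
    """Segment data into n equal-length chunks S_1..S_n (zero-padded tail)."""
    size = -(-len(data) // n)
    padded = data.ljust(size * n, b"\0")
    return [list(padded[k * size:(k + 1) * size]) for k in range(n)]

def vandermonde(seeds):
    """n^2 coefficients a_ij = a_j^(i-1), all derived from the n seeds a_j."""
    return [[pow(a, i, P) for a in seeds] for i in range(len(seeds))]

def encode(A, chunks):
    """C_i = a_i1*S_1 + ... + a_in*S_n, computed position by position."""
    return [[sum(a * s for a, s in zip(row, col)) % P for col in zip(*chunks)]
            for row in A]

def solve(A, C):
    """Recover S_1..S_n from all n combinations by Gauss-Jordan elimination mod P."""
    n = len(A)
    M = [A[i][:] + C[i][:] for i in range(n)]  # augmented matrix [A | C]
    for col in range(n):
        piv = next(r for r in range(col, n) if M[r][col])
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, P)
        M[col] = [x * inv % P for x in M[col]]
        for r in range(n):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(x - f * y) % P for x, y in zip(M[r], M[col])]
    return [row[n:] for row in M]

def round_trip(data, n):
    """Encode, place at two providers, retrieve both portions and decode (n >= 2)."""
    chunks = split_chunks(data, n)
    seeds = random.SystemRandom().sample(range(P), n)  # n distinct a_j
    A = vandermonde(seeds)
    C = encode(A, chunks)
    provider_1, provider_2 = C[:n // 2], C[n // 2:]  # neither holds all n
    recovered = solve(A, provider_1 + provider_2)
    restored = bytes(b for chunk in recovered for b in chunk)[:len(data)]
    # Row 2 of A is the seed list itself, so it fixes every other row.
    return restored == data and vandermonde(A[1]) == A

if __name__ == "__main__":
    print(round_trip(b"constructed sample file contents", 4))
```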
The aim of the present invention is to provide a more secure technical solution for protecting confidentiality of data distributed and stored on a plurality of storage service providers.
This can be solved by applying the methods according to the invention.